IP Phones over site to site VPN dropping

Unanswered Question
Feb 19th, 2007

We have a couple Cisco IP phones connected behind a remote Cisco 1811 terminating a site to site VPN. Each day, the phones will drop not at the same time usually but a couple times a day. The "band-aid" fix is is reboot the phone. Even when the phone is down for the user, I can still ping them. There is some latency which I thought was attributed to the ISP connection but a direct connect to the Internet does not show latency. Any idea/troubleshooting step to isolate this issue would be appreciated. The phones plug in to a 2950 switch behind the 1811. Typical ping times over the tunnel are 30-50 ms and at times, it gets as high as 200-300 ms and even a timeout here or there. I have been checking the tunnel configuration and it does not appear to be the issue. I have attached the remote 1811 configuration. Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchandak Mon, 02/19/2007 - 13:20

Are you using Cisco CM ?? If yes, you might want to modify the QoS settings. Also, what is the b/w btw the 2 sites ??

Consider allocating some b/w for signalling also. And yea, not to forget, 200-300 ms is high for audio also. You will notice a lot of issues with the voice quality

mark.blanchfield Mon, 02/19/2007 - 13:31

We are using CM. I have QOS configured on both the 1811 router and the 2950 switch behind it. I am not sure if those are the correct port numbers for Cisco in the policy map. Originally, we just had Tadiran Ip phones but we added Cisco. I am not sure if the port numbers specified are correct for Cisco as well. The connection is a 2mb x 2mb connection. The 2950 switch interface for one of the Cisco phones is below, thanks:

interface FastEthernet0/23

description Len's IP Phone

switchport access vlan 20

switchport mode access

mls qos cos 4

mls qos trust device cisco-phone

mls qos trust cos

spanning-tree portfast

mchandak Mon, 02/19/2007 - 13:46

with 4 MB of b/w, you have only 128 K for Voice. I think you should increase it. Also, with Cisco CallManager and SCCP, H.323 you should add some a Voice Class and allocate b/w to that also. The port range does not include SCCP, H323. Check the following link for information about Ports used by Cisco CallManager and design QoS accordingly.

http://www.ciscotaccc.com/kaidara-advisor/voice/showcase?case=K16151212 has links for CM 3.3 and 4.1

mark.blanchfield Mon, 02/19/2007 - 13:58

Thanks. We are running CM 4.1 Also, there are a number of H.323 and SCCP ports listed. How do I know which ports to use and can I add them to the existing ACL? Thanks again.

mchandak Mon, 02/19/2007 - 14:40

Yes, u can use the existing ACL. I'd actually recommend removing the ACL u dont need anymore.

For Skinny. The Port would be 2000.

H.323, UDP 1719, tcp 1720.

mark.blanchfield Tue, 02/20/2007 - 05:11

Thanks. I had put in the 2000 and 1720 so I need to also add UDP 1719. Does this QOS configuration only come into play when the phone is in use? The reason I ask is that they are losing connectivity even when they are not in use.

Paolo Bevilacqua Mon, 02/19/2007 - 15:16

I want to go in a different direction in diagnosing this problem, compared to other's valuable suggestions.

I think that if it was a bandwidth problem, you would have quality issues but the phone should not stop working and need a reboot.

I suggest instead you check to be running the latest phone firmware, we can tell you what it is depending on the phone model.

mark.blanchfield Tue, 02/20/2007 - 06:29

Thanks for the response and I have not thought about that. I believe they are 7940s. Also, what is the best method to load the firmware?

mchandak Tue, 02/20/2007 - 06:43

Upgrading the firmware would also be a good option. The best method to upgrade the firmware would be to copy the exe that you have downloaded on to the Publisher/TFTP Server and run the exe. This will automatically copy the load to the tftppath folder and update the device defaults as well.

Download URL for the Loads is http://www.cisco.com/cgi-bin/tablebuild.pl/ip-7900ser

The other option to upgrade the load would be to download and extract the content of the zip file to C:\Program Files\Cisco\TFTPPath and update the device defaults with the new load info if u want to do it for all the phones or update the firmware field on individual phones incase u want to test them on a few phones first.

mark.blanchfield Tue, 02/20/2007 - 07:14

I have never done this. Is it done thru Call Manager or via TFTP server on a laptop?? Also, it seems there are different procedures, some for MGCP, SCCP etc. How do I determine which one to use? Thanks again.

mchandak Tue, 02/20/2007 - 07:28

CallManager has in inbuilt TFTP Server. The folder which used as the TFTP root folder is C:\Program Files\Cisco\TFTPPath. To check if the Publisher is being used as the TFTP server, check the configuration on the phones (Settings ---> Network Configuration ---> TFTP Server 1)

Also, you will have to reset the phones for them to download the new configuration and load information. Check the readme file available with the firmware more additional information on installing it


This Discussion